PageInfo says "connection not secure" for file URIs (even local files)
Reported by
jidanni@gmail.com,
Mar 5 2018
|
||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 Steps to reproduce the problem: As you see the user is browsing a local file. There is no "connection", and what could be more secure? What is the expected behavior? What went wrong? Wrong warning. Did this work before? No Chrome version: 64.0.3282.119 Channel: n/a OS Version: Flash Version:
,
Mar 31 2018
,
Aug 9
,
Aug 15
Emily & I propose a simple message that says: You're viewing a file on your computer Along the lines of what we show for chrome://flags, and all the other chrome:// pages.
,
Aug 15
Attaching screenshot for reference (proposed string is in c#4)
,
Aug 15
cc +meacer in case there is any reason we shouldn't do this for file:// URLs?
,
Aug 15
Not that I know of. The string at #4 sgtm.
,
Aug 23
Pretty sure "on your computer" isn't necessarily accurate as the file:// URL could point at a resource on a network share. I don't have many ideas; "You're viewing a locally-accessible file"? "You're viewing a local file"? "You're viewing a file"?. Maybe we should have a tech writer suggest something.
,
Aug 23
Good point, meacer@ was also wondering about this after looking into filename_util. cc +srahim for suggestions on the text?
,
Aug 29
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d6a9618ea9be2c4a999ad0b36bd2989eedebdb25 commit d6a9618ea9be2c4a999ad0b36bd2989eedebdb25 Author: Livvie Lin <livvielin@chromium.org> Date: Wed Aug 29 20:28:48 2018 Change Page Info string for local files This cl changes the button text displayed in the omnibox for local files. "File" text is added to the chip and clicking on the button will display the text "You're viewing a file". A follow-up cl will elide file:// from the omnibox display. Screenshot: https://drive.google.com/file/d/1eiFK6FfonGqihqYCheFZmDtI-Qv8UPPZ/view?usp=sharing Bug: 818528 Change-Id: Ideb4c8aaefbe50afd2cdfd3236d1c72809d04fe3 Reviewed-on: https://chromium-review.googlesource.com/1187132 Commit-Queue: Livvie Lin <livvielin@chromium.org> Reviewed-by: Peter Kasting <pkasting@chromium.org> Reviewed-by: Mustafa Emre Acer <meacer@chromium.org> Cr-Commit-Position: refs/heads/master@{#587277} [modify] https://crrev.com/d6a9618ea9be2c4a999ad0b36bd2989eedebdb25/chrome/browser/ui/views/location_bar/location_bar_view.cc [modify] https://crrev.com/d6a9618ea9be2c4a999ad0b36bd2989eedebdb25/chrome/browser/ui/views/location_bar/location_bar_view.h [modify] https://crrev.com/d6a9618ea9be2c4a999ad0b36bd2989eedebdb25/chrome/browser/ui/views/page_info/page_info_bubble_view.cc [modify] https://crrev.com/d6a9618ea9be2c4a999ad0b36bd2989eedebdb25/chrome/browser/ui/views/page_info/page_info_bubble_view_browsertest.cc [modify] https://crrev.com/d6a9618ea9be2c4a999ad0b36bd2989eedebdb25/components/omnibox_strings.grdp [add] https://crrev.com/d6a9618ea9be2c4a999ad0b36bd2989eedebdb25/components/omnibox_strings_grdp/IDS_OMNIBOX_FILE.png.sha1 [modify] https://crrev.com/d6a9618ea9be2c4a999ad0b36bd2989eedebdb25/components/page_info_strings.grdp [add] https://crrev.com/d6a9618ea9be2c4a999ad0b36bd2989eedebdb25/components/page_info_strings_grdp/IDS_PAGE_INFO_FILE_PAGE.png.sha1
,
Aug 30
Hmmm, looking at the screenshot... Maybe it still needs a period at the end.
,
Aug 30
@jidanni Other pages with a similar bubble (e.g. view-source:, chrome://) also don't have periods, so I think it makes sense to keep this consistent with that. Thanks for reporting this!
,
Aug 31
OK.
,
Oct 26
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d8ab2e4dde7f6af7dac865caebac11701c936f64 commit d8ab2e4dde7f6af7dac865caebac11701c936f64 Author: Livvie Lin <livvielin@chromium.org> Date: Fri Oct 26 22:25:41 2018 Elide file scheme in omnibox With the addition of the File chip to the left of the URL display, there isn't a need for the file:// in the URL. Screenshot (Linux): https://drive.google.com/file/d/1uG7UHdcpW9YSiSESdQKJTWwKEvTkqvyF/view?usp=sharing Screenshot (Windows): https://drive.google.com/file/d/1XWLeaBPLJ7sD-5YeboKbmMdC2T-K_9ZC/view?usp=sharing Bug: 818528 Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:ios-simulator-cronet;luci.chromium.try:ios-simulator-full-configs;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:linux_vr;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel Change-Id: I865474182f3863237b3a2b3cd58132115a7d47ca Reviewed-on: https://chromium-review.googlesource.com/c/1274985 Commit-Queue: Livvie Lin <livvielin@chromium.org> Reviewed-by: Tommy Li <tommycli@chromium.org> Reviewed-by: Peter Kasting <pkasting@chromium.org> Cr-Commit-Position: refs/heads/master@{#603218} [modify] https://crrev.com/d8ab2e4dde7f6af7dac865caebac11701c936f64/components/toolbar/toolbar_field_trial.cc [modify] https://crrev.com/d8ab2e4dde7f6af7dac865caebac11701c936f64/components/toolbar/toolbar_field_trial.h [modify] https://crrev.com/d8ab2e4dde7f6af7dac865caebac11701c936f64/components/toolbar/toolbar_model_impl.cc [modify] https://crrev.com/d8ab2e4dde7f6af7dac865caebac11701c936f64/components/url_formatter/elide_url_unittest.cc [modify] https://crrev.com/d8ab2e4dde7f6af7dac865caebac11701c936f64/components/url_formatter/url_formatter.cc [modify] https://crrev.com/d8ab2e4dde7f6af7dac865caebac11701c936f64/components/url_formatter/url_formatter.h [modify] https://crrev.com/d8ab2e4dde7f6af7dac865caebac11701c936f64/components/url_formatter/url_formatter_unittest.cc
,
Oct 26
,
Oct 30
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9dd4a186fbf5376129a9f15de4aca2df8bb60686 commit 9dd4a186fbf5376129a9f15de4aca2df8bb60686 Author: Livvie Lin <livvielin@chromium.org> Date: Tue Oct 30 22:29:51 2018 Exclude Android and iOS from file scheme elision Android and iOS don't have the File security chip, and therefore still need to show the file scheme. (Follow-up from https://chromium-review.googlesource.com/c/chromium/src/+/1274985.) Bug: 818528 Change-Id: Ib42601f637a513d21c965bcbd48f8c66fcc5cc99 Reviewed-on: https://chromium-review.googlesource.com/c/1308077 Commit-Queue: Livvie Lin <livvielin@chromium.org> Reviewed-by: Tommy Li <tommycli@chromium.org> Cr-Commit-Position: refs/heads/master@{#604037} [modify] https://crrev.com/9dd4a186fbf5376129a9f15de4aca2df8bb60686/components/omnibox/browser/omnibox_field_trial.cc
,
Nov 1
Able to reproduce the issue on reported chrome version #64.0.3282.119 using Windows 10. Tested the issue on latest chrome #72.0.3598.0 using Windows 10, Ubuntu 17.10 and Mac OS 10.13.1 and observed the message as "You are viewing local or shared file". @Livvie Lin: Could you please help us in confirming the fix on the latest M-72. Thanks.!
,
Nov 1
Yes, fix landed in M72. "You are viewing local or shared file" is the correct message.
,
Nov 6
As per comment#18, able to verify the fix on latest chrome #72.0.3602.2 using Windows 10, Ubuntu 17.10 and Mac OS 10.14 by following steps as per comment#0. Attached screenshots for reference. Observed the message as "You are viewing local or shared file". Hence, the fix is working as expected. Adding the verified labels. Thanks...!! |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by elawrence@chromium.org
, Mar 5 2018Labels: -Type-Bug-Security -Restrict-View-SecurityTeam OS-Chrome OS-Fuchsia OS-Mac OS-Windows Type-Bug
Status: Untriaged (was: Unconfirmed)
Summary: PageInfo says "connection not secure" for file URIs (even local files) (was: Don't say connection not secure for file: URLs)